WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation
Posted on 22 November 2023
WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer from privilege escalation and shortcode execution vulnerabilities.